Information Governance in the More-Agile-Than-Ever Workplace
"Everyone is working remotely now…but is our data still safe?"
In the rush to enable all employees to work from home, many organisations took calculated risks, allowing staff to work under less than ideal conditions. Some businesses were better prepared than others, but the onset of the global pandemic introduced unexpected challenges for nearly every IT department tasked with suddenly providing remote access to formerly office-based employees.
From deploying laptops to providing training on how to access information online, the initial emphasis was on business continuity with an understanding that many practices would be re-evaluated once the distributed office was up and running. There were also upsides, as users who once resisted change became keen on “going digital” and started embracing paperless ways of working.
Now remote working — and “working from anywhere” — are becoming widely accepted as a viable option on a more permanent basis. (And of course, in many locations, there is still no other choice.)
As a result, many organisations are reviewing and tightening their information governance policies and procedures to minimise the security and data protection risks that arise from distributed working.
Many companies are extending stricter requirements to suppliers, including their law firms, in the form of updated outside counsel guidelines (OCGs) specifying exactly how their data can be accessed and stored.
Similarly, they are issuing RFPs asking prospective vendors (and law firms) to detail their security and information governance practices: How is sensitive client information safeguarded? Who specifically has access to information? Is document security default-open, or default need to know? How are document access and activity managed, tracked and reported on? How long is client information retained? Can audits be performed on demand to demonstrate compliance? And what precautions are firms taking to protect data when their staff are working from home?
Organisations that act sooner to address the requirements of this new information governance landscape will benefit from improved security, reduced risk and stronger trust in their ability to function effectively in times of uncertainty and volatility.
Embedding Information Governance Into Workflows
FileTrail has been working closely with NetDocuments and joint customers to enable information governance to be embedded in the way your organisation works, without creating more overhead for users.
Using FileTrail integrated with NetDocuments, users can automate workflows for classifying information and applying the relevant retention policies to each file. The policy in question may be your own information governance policy — or in the case of a law firm, it may be the relevant retention requirements specified in a client’s OCG.
You no longer need to assign staff to manually track expiring retention periods, or constantly chase individual approvers via email (or in person). Instead, the workflow automatically triggers notifications to the appropriate stakeholders to review and approve the relevant records (including both electronic and physical records) for disposition in a timely manner. The system automatically captures an audit trail of all activity — so you can easily generate reports on your organisation’s compliance (for management, clients, regulators and auditors).
The GDPR, CCPA and other regulations make it very clear that there are significant risks in holding on to data you no longer need. In addition, they have significantly increased the administrative overhead associated with justifying how and why you’re keeping any personal information you still have. Timely disposition and destruction of records you are no longer required to keep thus reduce ongoing storage and administrative costs, and reduce the risk of data breaches, as well as future litigation and liability.
Stricter supplier policies and outside counsel guidelines are extending new requirements across a broader ecosystem of service providers, making it clear that implementing strong information governance policies are essential to doing business moving forward. And in the event of a litigation hold or a security audit, the ability to demonstrate robust information governance processes and compliance is imperative.
Automating key aspects of information governance — and embedding it in the way your organization works — could make a critical difference in your firm’s ability to deliver services to your clients securely and efficiently, regardless of where your staff works.
For more information on how NetDocuments users are using FileTrail to enhance their information governance efforts, please click here.